Hereinafter, a method of establishing security association when a mobile station performs handover from a current network to another radio network will be described.
The IEEE 802.16 standard supports a privacy and key management (PKM) protocol. The PKM protocol means a protocol which safely distributes key related data from a base station a mobile station. If this PKM protocol is used, the mobile station and the base station can share the key related data, and the base station can control access of the network.
The PKM protocol supports both bi-directional authentication and unidirectional authentication. Also, the PKM protocol supports periodical re-authentication and key update procedure, Extensible Authentication Protocol (EAP: IETE RFC 3748) based authentication mode, X.509 digital credential (IETE RFC 3280) based authentication mode which uses Rivest Shamir Adleman (RSA) public key encryption algorithm, and a mode for performing EAP based authentication procedure after performing RSA based authentication procedure. Namely, the PKM protocol is a protocol, which performs key exchange between the mobile station and the base station using a powerful encryption algorithm.
A PKM sublayer can use various authentication protocols. For example, examples of the authentication protocols include RSA protocol and an extensible authentication protocol (EAP). Hereinafter, an EAP to which extensibility and flexibility are given so as to allow various kinds of authentication modes will be described.
There is provided the IEEE 802.1x standard, which uses the EAP for wire and wireless LAN. The IEEE 802.1x standard defines a format and procedure of EAPoL (EAP over LAN) frame that can transfer EAP message, and prescribes a procedure of allowing network access only if a user acquires a physical port license of a radio access point from an authentication server.
FIG. 1 is a diagram illustrating an example of a hierarchical structure and elements of an 802.1x system.
In FIG. 1, an access point which supports 802.1x supports protocol stack of almost all layers such as Internet protocol (IP), user datagram protocol (UDP), a remote authentication dial in user service (RADIUS) client function, as well as EAPoL processing function. Hereinafter, the 802.1x hierarchical structure will be described.
Referring to FIG. 1, the 802.1x hierarchical structure is as follows. A lower layer which transfers EAP frame can include EAPoL, point-to-point (PPP) protocol, RADIUS, etc. The EAP layer serves to transmit, receive, and relay EAP packets, and performs packet retransmission and repeated reception sensing functions. The EAP layer classifies EAP packets using a code value of an EAP packet header and then transfers the classified EAP packets to an EAP Peer layer or an EAP authenticator layer. The EAP Peer/Authenticator layers serve to transfer EAP packets to a corresponding EAP authentication mode processing layer with reference to a type region of the EAP packets.
FIG. 2 is a flow chart illustrating an authentication procedure for a mobile station of a general IEEE 802.16 system.
FIG. 2 relates to an authentication procedure currently in service, and illustrates a schematic flow of a message and a transmission type of information. However, messages, which include information transmitted to and received from a mobile station (MS) 200, a base station (BS) 220, or an authentication authorization accounting (AAA) server 240, may have various types.
Referring to FIG. 2, when the mobile station 200 intends to enter a network, the mobile station acquires synchronization with the base station 220, performs ranging, and performs basic capability negotiation with the base station through SBC-REQ/RSP messages (S201).
Table 1 illustrates an example of the SBC-REQ/RSP message for basic capability negotiation between the mobile station and the base station.
TABLE 1SBC-REQ/RSP{Essential parameterPhysical Parameters SupportedBandwidth Allocation SupportSelective parameterCapabilities for construction and transmission of MACPDUsPKM Flow ControlAuthorization Policy SupportMaximum Number of Supported Security AssociationSecurity Negotiation ParametersHMAC-CMAC Tuple}
In Table 1, the SBC-REQ (Subscribe Station Basic Request) message is transmitted by the mobile station during initialization. The base station transmits the SBC-RSP (Subscribe Station Basic Response) message to the mobile station in response to the SBC-REQ message. The SBC-REQ/RSP messages are to negotiate basic capability between the mobile station and the base station.
Basic capability negotiation is intended to report basic capability of the mobile station to the base station directly after ranging ends. In Table 1, the SBC-REQ/RSP messages include parameters that can selectively be included, in addition to necessarily required parameters.
Security association (SA) means a collection of security information shared by the base station and one or more mobile stations to support safe communication over the entire of IEEE 802.16 based network. In Table 1, examples of security association include an authorization policy support field and security negotiation parameters.
The authorization policy support field is one of fields included in the SBC-REQ/RSP messages, and specifies an authorization policy to be negotiated and synchronized between the mobile station and the base station. If the authorization policy support field is omitted, the mobile station and the base station should use IEEE 802.16 security having X.509 credential and RSA public key algorithm as an authorization policy.
Table 2 illustrates an example of the authorization policy support field, which is generally used.
TABLE 2TypeLengthContentRegion1Bit #0: IEEE 802.16SBC-REQ, SBC-RSPPrivacy SupportedBits #1-7: Reserved,shall be set to zero1Bit #0: RSA-BasedAuthorization at theInitial Network EntryBit #1: EAP-BasedAuthorization atInitial Network EntryBit #2: AuthenticatedEAP-based Authorization atthe initial Network EntryBit #3: Reserved,set to 0Bit #4: RSA-BasedAuthorization at ReentryBit #5: EAP-BasedAuthorization at ReentryBit #6: AuthenticatedEAP-Based AuthorizationReentryBit #7: reserved,shall be set to 0
The security negotiation parameter field that can be included in Table 2 specifies whether to support security capabilities to be negotiated before initial authorization or reauthorization is performed.
Table 3 illustrates an example of the security negotiation parameter field which is generally used.
TABLE 3TypeLengthContentsRegion25variableThe Compound field contains theSBC-REQ, SBC-subattributes as defined in theSRPtable belowSubattributeContentsPKM Version SupportVersion of Privacy SublayerSupportedAuthorization Policy SupportAuthorization Policy to SupportMessage Authentication codeMessage Authentication Code toModeSupportPN Window sizeSize Capability of the Receiver PNWindow per SAID
Meanwhile, PKM Version Support field of Table 3 specifies PKM version. Namely, both the mobile station and the base station should negotiate only one PKM version.
Table 4 illustrates an example of the PKM version support field, which is generally used.
TABLE 4TypeLengthValue25.11Bit #0: PKM Version 1Bit #1: PKM Version 2Bits #2-7: reserved value, setting to ‘0’
Referring to FIG. 2, the mobile station 200 requests an authentication authorization accounting server (AAA server) 240 to authenticate an extensible authentication protocol (EAP) through the base station 220. The AAA server 240 performs authentication of a user through an EAP authentication method in response to the request of the mobile station 200 (S202).
An example of the EAP authentication method includes a method of using X.509 credential in case of EAP-TLS. Also, an example of the EAP authentication method includes a method of using a specific type credit credential such as a subscriber identity module (SIM) in case of EAP-SIM. However, an RSA authentication method, which uses an encryption algorithm based on a public key encryption, may be used in accordance with requirements of the system.
In the step S202, if authentication of the mobile station (or user) is successfully completed, the AAA server 240 generates a master session key (MSK) through the EAP based authentication method. The AAA server transmits MSK to the base station (S203). The base station 220 transmits the MSK received from the AAA server 240 to the mobile station 200 so as to share it with the mobile station 200 (S204).
The mobile station 200 and the base station 220 can generate an authentication key (AK) using PMK (EAP based authentication method) (S205). Also, the mobile station 200 or the base station 220 can generate the AK using the MS. The AK can be used to generate a traffic encryption key (TEK) for communication between the mobile station 200 and the base station 220.
The mobile station 200 and the base station 220 share TEK through 3-way handshaking (S206). The 3-way handshaking is performed through handshaking of three stages, such as SA-TEK challenge, SA-TEK request, and SA-TEK response. At this time, the mobile station 200 and the base station 220 can generate and share TEK used to encode actual data.
The mobile station 200 and the base station 220, which have generated the AK by performing the authentication procedure, can share the TEK. Afterwards, the mobile station can perform a network entry procedure (S207).